COIT20265 Networks and Information Security

Capstone Project Case Study

Tivoli Central University (TCU)

Background Tivoli Central University (TCU) is a public higher education institution founded in Northampton in late 1960. By 1970, it was the first Institute in Tivoli to launch distance education programs. During the 1980s, the university expanded its operations to other regional areas outside Northampton including Carlsberg, Radcliff, Bluestone and Quay West. Likewise, TCU also expanded its presence throughout Tivoli with campuses in metropolitan areas including Armadale, Bass Strait, Coors, St Marie, and Golden Goose. At present TCU provides diverse range of trade qualifications, undergraduate and postgraduate programs as well as short professional or occupational courses. More than 30,000 students are currently studying various levels of programs at TCU as on-campus students. Additionally, more than 10,000 students are currently studying at TCU under the online and distance education programs.

TCU has three major facilities to support its information technology services: Headquarters, Operations (Data Centre) and Backup. The Headquarters facility is located in the Northampton main campus. The Operations facility is located 50Kms from the Headquarters in a warehouse near an industrial area in the outskirts of Northampton. The Operations facility houses the back-office technical functions, the data centre and IT staff. The Backup facility is located in the country area of Tivoli about 1000km from the headquarters. TCU uses the Backup as a warm-site facility that can be operational within minutes in the event the Operations facility fails.

Apart from the main campus in Northampton, all regional and metropolitan campuses are very similar in terms of size, staff, and technologies. Their IT infrastructure is spread around Tivoli in buildings and use relatively old and complex technologies. TCU still uses SNA (Systems Network Architecture) protocols to enable campus communication to the mainframe computer located at Operations. Currently, File servers still require IPX/SPX communication and some campuses (not all) use TCP/IP to connect to the Internet. Additionally, each campus is connected to the Operations through an old Multiservice Platform Router for flexible LAN and WAN configurations, easy upgrades, and the handling of various protocols at the internet and transport layers. The router enables the campus to communicate with different TCU campuses located in different sites. To support the day-to-day learning and teaching activities of students, academics and administrative staff TCU also deals with a dozen (12) of external partners including hospitals and research centres in many different ways.

Wide Area Networks (WANs) in TCU

Figure 1 outlines the complex WAN infrastructure TCU currently uses to support its operations. A mesh of three T3 leased lines connects the Headquarters, Operations (Data Centre) and Backup sites. These lines operate at 44.7 Mbps, providing redundancy between the major facilities.

Networks and Information Security Case study Copyright © Edilson Arenas

Each campus building connects to the major facilities via a Frame Relay network: one 56kbps PVC2 leading to the Operations and 56 kbps PVC3 leading to the Backup facility, most of the time. There are ISDN backup lines in case of Frame Relay failure (Note that PCV1 represents two aggregate PVCs of 56 kbps each. PVC2 and PVC3 are both 56kbps). By the same token, the 12 educational partners are connected to TCU via a frame relay network of 56kbps. As shown in the diagram, TCU uses two separate ISPs for Internet connection via T1 leased lines.

Figure 1 TCU WAN Local Area Network (LANs) in TCU

Each TCU regional and metro campus is supported by 10Base-T Ethernet LANs, and TCU is expecting to upgrade to more modern Ethernets soon. Each of these campuses has an average of (a) 200 employees including academic, administrative and management staff and (2) about 2,000 on- campus students. The main campus at Northampton houses around 2,000 academic, administrative and management staff. Nearly 10,000 on-campus students are studying at the Northampton main Unlike regional and metro campuses, Northampton staffs are supported by 100Base-T Ethernet LANs. In the Operations facility, there are 100 engineers in charge of technical support of the data centre, networking, maintenance, and application development. The organisational and operational structure of the Backup facility is similar to the structure of the Operations facility.

Current ICT infrastructure

ICT infrastructure at Metro and Regional campuses • Staff equipped with Desktop PCs running Windows 7 (dual monitors) • Staff PCs equipped with first generation headsets and webcams Networks and Information Security Case study Copyright © Edilson Arenas • 12 networked Laser Printers • 20 computer labs, each with 24 Desktop Pcs running Windows 7 (single monitor) • One Network Attachment Storage for local storage in each lab • One Multiservice Platform Router • 10Base-T Ethernet • Staff equipped with plain old telephone systems (POTS)

Staff Software

• Microsoft outlook installed in all staff workstations to access emails • Microsoft Office suite

• Google Chrome and Firefox • Sophos Anti-virus

• Moodle Learning Management System (LMS) • PeopleSoft Enterprise systems

• Liferay Information systems portals

• Mahara E-Portfolio systems Computer Lab Core Software

• Adobe Reader • Adobe Design Premium Suite including:

• Adobe Acrobat Pro

• Adobe Dreamweaver • Adobe Flash Pro

• Adobe Fireworks • Adobe Illustrator

• Adobe InDesign • Adobe Photoshop Extended

• Adobe Flash Player • Adobe Shockwave Player

• Endnote

• Google Earth • IBM SPSS Statistics

• IBM SPSS AMOS

• Java Development Kit

• QuickTime • Mathtype 6.7

• Mozilla Firefox

• VLC Media Player • NetBeans

• Android SDK • GlassFish Application Server

• Derby Network Database Server • MySQL Database Server

Networks and Information Security Case study Copyright © Edilson Arenas • Microsoft Office suite including: • Word • Access

• Excel • PowerPoint

• Publisher • Microsoft Project Professional • Microsoft Visio

ICT infrastructure at Headquarters (Northampton)

• Staff equipped with Desktop PCs running Windows 7 (dual monitors) • Staff PCs equipped with latest generation headsets and webcams

• 100 networked Laser Printers (also capable of scanning and photocopying)

• 100 computer labs, each with 24 Desktop Pcs running Windows 7 (single monitor) • One Network Attachment Storage for local storage in each lab

• One Multiservice Platform Router • Staff equipped with VoIP video phones

• 100Base-T Ethernet

Staff Software

• Microsoft outlook installed in all staff workstations to access emails

• Microsoft Office suite

• Google Chrome and Firefox

• Sophos Anti-virus

• MSDN-AA Computer Lab Software

Like in the Metro and Regional Campuses ICT infrastructure at Operations site

• One Multiservice Platform router • Operating system: Combination of Windows and Linux OSs servers • Staff equipped with Desktop PCs running Windows 8

All operational servers including FTP, HTTP/HTTPS, SMTP/SMTPS, DHCP, DNS, Authentication, Telepresence, Domain Controllers, Database, SAN, Load Balancing and video are concentrated in this

facility. The Operations facility also contains the infrastructure to support TCU's enterprise resources

and services (described below)

Networks and Information Security Case study

Copyright © Edilson Arenas ICT infrastructure at Backup site

As mentioned, the Backup is a warm-site facility that can take over within minutes in the event that the Operations facility fails. Its infrastructure mirrors the Operations facility.

Enterprise resources and Services

• Telepresence: VoIP, Video Conferencing, Interactive Systems • Printing

• Multimedia • LMS - Blackboard

• Backboard Collaborate

• EduRoam

• Finance

• Student Information Systems • Voice Mail • SAP Enterprise Resource Planning

• Document Repository Problem Statement

TCU business processes rely on a combination of systems including Internet, IPX/SPX, SNA and ICT- related services with a very complex ICT infrastructure. TCU academic board acknowledges this as major issue: the bottleneck for future TCU growth and sustainability. The senior executive of TCU

argues that currently the university is spending huge to maintain and integrate disparate and cumbersome systems; with little room to expand and improve services. The TCU academic board

claims that TCU needs to change and re-provision the ICT infrastructure to provide high quality learning and teaching in the most cost effective way.

As part of this change, the transition to interoperability should be achieved in a smooth manner while leveraging the latest advancements in network and information security infrastructure in order to guarantee "zero" problems in the TCU processes. TCU is also planning to invest in a multimillion

dollar venture to modernise the university's ICT infrastructure. This will potentially include: [1]

immersive telepresence system to support distance education students (expected to grow 50% in the next 3 years), [2] staff and student remote access and mobile services (staff BYOD and Work-at-

home (WAT) policies) that TCU currently does not have, [3] migration of a number of services to the Cloud including the Learning Management System, File, Web and Mail Servers.

In terms of network and information security, TCU ICT infrastructure should safeguard appropriate

access and use of ICT resources; ensure unauthorised and malicious internal and external network

attacks are properly blocked. Network redundancy is currently achieved with the mesh of three T3

leased lines connecting the Headquarters (Northampton), Operations and Backup buildings; however, nothing has been done so far in terms of a security plan including a robust disaster

recovery (DRP) and business continuity plan (BCP) for the university.

Statement of Work

The statement of work is divided in two parts: Part A and Part B. Networks and Information Security Case study

Copyright © Edilson Arenas For this part you are required to design and implement a secure information and network

infrastructure that ensures high availability, reliability, scalability, performance and security to support TCU services. This requires [1] the redesign of the network; [2] the delivery of a

comprehensive network security plan; and [3] Security technology implementation - proof of

The following is a breakdown of the tasks for part A.

Network Redesign

1. Network redesign including LANs, VLANs, WANs and VPNs. In this redesign, the IP address

allocation should use the CIDR format (x.y.z.t/n). Discuss with your mentor the range of IP

addresses you are planning to use. 2. Each LAN, WAN, VLAN and VPN should be justified in terms of traffic, reliability,

performance, availability, scalability and security. To do this you need to make a number of

assumptions (discuss this with your mentor / facilitator / teacher). For example, assume that a great number of university services operate 24/7. Other facilities are to operate from

6:00am to 8:00pm daily, Monday to Friday.

For this redesign, take into account the following:

a. Traffic generated by the hosts: clients, servers and backup devices

b. Appropriateness of current WAN links c. Appropriateness of current WANs (Frame Relay) d. Appropriateness of current LANs

e. VLANs requirements

f. All networking devices including routers and switches at each site or location g. IP address allocation of each network and main network devices

h. Sub-netting to separate traffic including IP address allocation

i. Firewalls positioning and strategy

j. Proxy servers k. DMZ configuration

l. Firewalls Access Control Lists m. Network diagram of the topology and allocation of devices; and IP addresses for the main

network devices

n. Provision data encryption to secure data travelling between internal and external networks

Comprehensive Network Security plan The network security plan should contain as minimum the following: 1. Introduction outlining the importance of the plan and its purpose

2. Scope outlining the areas of the organisation that the Plan applies

3. Assumptions documenting any assumptions you have made in order to prepare the plan

4. Clear and concise statements about what the Security Plan is designed to achieve. 5. Summary and analysis of the organisation's risks, highlighting the current threats,

challenges and vulnerabilities along with an assessment of current security environment

and treatments in place.

Networks and Information Security Case study Copyright © Edilson Arenas

6. Network Security policies to address all possible network attacks and vulnerabilities

7. Information Security policies to address unauthorized and misappropriate use of TCU data

and software applications 8. Disaster recovery and Business continuity plans

9. Security Strategies and Recommended controls including security policies 10. Residual risks that remain after all possible (cost-effective) mitigation or treatment of risks.

Your security plan should estimate, describe and rate these risks to guide the priorities for ongoing monitoring of risks.

11. Resources for implementing the recommendation

Security Technology Implementation

As part of the security technology implementation and in line with the recommended controls

mentioned above in the network security plan (item 9), you need to provide the complete design and implementation of the following technology:

1. Data backup and recovery technology including the procedures for backup and recovery. 2. A proper authentication system that takes care of highly secured roles and permissions

3. File, Web (and secure Web), Mail (and secure Mail including spam email prevention), Note that there are NASs at the campuses to back up the data generated locally,

however the vast majority of data is backed up to the File Server Operations facility through the network. to access, share, download, upload files and folders. This should include authentication

for wireless and mobile services as well.

DHCP, DNS, Domain Controllers, Database and LMS (Learning Management System) servers.

4. Hardening of servers described above in section 3.

5. Network security including DMZs, Firewalls, Intrusion Detection and Prevention Systems For the recommended technology implementation, you need to justify your

recommendation (chosen technology) in terms of cost, reliability, maintainability, performance and scalability. For each technology, make sure to provide details of the

vendor, and the version of hardware and software. TCU Technology implementation - Proof of concept As part of the project requirements, you are required to test the recommended controls suggested

in the security technology implementation section above. The solution should address current needs

of TCU, including the installation of the software, configuration of the system, and developing of test cases to check the complete functionality of the system. For the proof of concept, it is mandatory that you include the documented results (procedures and

screen dumps) of various network security attacks tests (such as Network Penetration Test) as part of your final project report. You may use your choice of security software/tools (including freeware

open software systems) and operating systems (Windows, Linux, or Ubuntu) in a virtualized environment to build and simulate the security tests. You are required to demonstrate your

implementations at the end of the term. Networks and Information Security Case study

Copyright © Edilson Arenas (IDSs and IPSs)

In part B, your task is to recommend the TCU academic board on:

1. An appropriate immersive telepresence system to support distance education students. As

mentioned above, TCU is expected to grow 50% in distance education in the next 3 years. 2. You are also to recommend the strategy for staff and student remote access and mobile

services (staff BYOD and Work-at-home (WAT); and student BYOD and study-at-home policies). 3. Finally, a complete technical report on the migration of the LMS, File, Web and Mail Servers

to the Cloud, including requirement analysis, cost benefit analysis, risk analysis and final recommendation from a list of at least three cloud service providers (CSPs).

Hello, Please transfer this email to expert, Please do take time to read everything, as all

the details about individual files which you needs to submit me 

This is my Networking Final project.  progress report 1 

progress report 2 progress report 3

progress report 4  Each progress report should contain a review of the project, summarizing work

completed since the last report.

Hints  You should begin with a brief review of work completed since the last progress

report: this should exceed not 500 words. You should highlight any major

achievement(s) and outline any issues or problems. You should flag work that will be undertaken in the next review period You should include an activity list detailing tasks (both completed and

outstanding), who is assigned to the task, level of completeness and any comments. While not mandated, you may like to follow the format below: 

Use this report to keep your local lecturer up to date with your progress and to

make them aware of any problems you are having.  this is likely what u done in each stage of ur project.

this need to be done in the ATTACHED FILE only, So plz do check the attached

file.  and other files 

DRAFT Network security plan 

Project plan  Proposed technical implementation (presentation),  Final project report and implementation 

Electronic Portfolios  An e-portfolio is a learning tool that enables students to accumulate evidence of

learning achievement. In this course, you will use Mahara as the learning tool to maintain your portfolio. 

The project portfolio is to be maintained by every student individually.  Entries are to be made in your portfolio on each occasion that work is undertaken

on the project, detailing the work done, time taken, difficulties experienced, and other issues that may arise. It is to be a record of EVERY activity undertaken by

you in developing the project. 

Entries will be made in the portfolio on a weekly basis at a minimum. You need to provide evidence of these entries by providing the Mahara Secret URL when

required by your mentor. Do not leave this task for the very end of the term. 

The portfolio will contain work that has been assimilated into the group project work, as evidenced by information supplied in the portfolio as to where the work

is located in the final group report submission.Failure to submit a portfolio will disadvantage your overall marks. 

For the presentation, we require the slides which have to show  present the summary of your network security plan that you have produced  identify and justify your selection of key threat or security challenge to the organisation 

explain what technologies will you implement to mitigate or address such threats

and challenges  describe how you will test the security technologies what types of policy and/or

procedure documents that you have intended to produce.  Make sure you follow all the requirements given above for this 3 files as ​ ​ well.